CVE-2011-0764

Published: Mar 31, 2011Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.

Affected (64)

Products: T1lib: T1lib · Foolabs: Xpdf · Glyphandcog: Xpdfreader

1 product

1 product

1 product

Configuration A

64 vulnerable

Vulnerable Software	Affected Versions
T1lib T1lib	Up to 5.1.2
T1lib T1lib	Version 0.1 alpha
T1lib T1lib	Version 0.2 beta
T1lib T1lib	Version 0.3 beta
T1lib T1lib	Version 0.4 beta
T1lib T1lib	Version 0.5 beta
T1lib T1lib	Version 0.6 beta
T1lib T1lib	Version 0.7 beta
T1lib T1lib	Version 0.8 beta
T1lib T1lib	Version 0.9.1
T1lib T1lib	Version 0.9.2
T1lib T1lib	Version 0.9
T1lib T1lib	Version 1.0.1
T1lib T1lib	Version 1.0
T1lib T1lib	Version 1.1.0
T1lib T1lib	Version 1.1.1
T1lib T1lib	Version 1.2
T1lib T1lib	Version 1.3.1
T1lib T1lib	Version 1.3
T1lib T1lib	Version 5.0.0
T1lib T1lib	Version 5.0.1
T1lib T1lib	Version 5.0.2
T1lib T1lib	Version 5.1.0
T1lib T1lib	Version 5.1.1
Foolabs Xpdf	Version 0.5a
Foolabs Xpdf	Version 0.7a
Foolabs Xpdf	Version 0.91a
Foolabs Xpdf	Version 0.91b
Foolabs Xpdf	Version 0.91c
Foolabs Xpdf	Version 0.92a
Foolabs Xpdf	Version 0.92b
Foolabs Xpdf	Version 0.92c
Foolabs Xpdf	Version 0.92d
Foolabs Xpdf	Version 0.92e
Foolabs Xpdf	Version 0.93a
Foolabs Xpdf	Version 0.93b
Foolabs Xpdf	Version 0.93c
Foolabs Xpdf	Version 1.00a
Foolabs Xpdf	Version 3.0.1
Foolabs Xpdf	Version 3.02pl1
Foolabs Xpdf	Version 3.02pl2
Foolabs Xpdf	Version 3.02pl3
Foolabs Xpdf	Version 3.02pl4
Glyphandcog Xpdfreader	Up to 3.02
Glyphandcog Xpdfreader	Version 0.2
Glyphandcog Xpdfreader	Version 0.3
Glyphandcog Xpdfreader	Version 0.4
Glyphandcog Xpdfreader	Version 0.5
Glyphandcog Xpdfreader	Version 0.6
Glyphandcog Xpdfreader	Version 0.7
Glyphandcog Xpdfreader	Version 0.80
Glyphandcog Xpdfreader	Version 0.90
Glyphandcog Xpdfreader	Version 0.91
Glyphandcog Xpdfreader	Version 0.92
Glyphandcog Xpdfreader	Version 0.93
Glyphandcog Xpdfreader	Version 1.00
Glyphandcog Xpdfreader	Version 1.01
Glyphandcog Xpdfreader	Version 2.00
Glyphandcog Xpdfreader	Version 2.01
Glyphandcog Xpdfreader	Version 2.02
Glyphandcog Xpdfreader	Version 2.03
Glyphandcog Xpdfreader	Version 3.00
Glyphandcog Xpdfreader	Version 3.01
Glyphandcog Xpdfreader	Version 3.02

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (36)

http://rhn.redhat.com/errata/RHSA-2012-1201.html

Source: cret@cert.org

http://secunia.com/advisories/43823

Source: cret@cert.org

Vendor Advisory

http://secunia.com/advisories/47347

Source: cret@cert.org

http://secunia.com/advisories/48985

Source: cret@cert.org

http://securityreason.com/securityalert/8171

Source: cret@cert.org

http://securitytracker.com/id?1025266

Source: cret@cert.org

http://www.foolabs.com/xpdf/download.html

Source: cret@cert.org

Patch

http://www.kb.cert.org/vuls/id/376500

Source: cret@cert.org

US Government Resource

http://www.kb.cert.org/vuls/id/MAPG-8ECL8X

Source: cret@cert.org

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2012:002

Source: cret@cert.org

http://www.mandriva.com/security/advisories?name=MDVSA-2012:144

Source: cret@cert.org

http://www.securityfocus.com/archive/1/517205/100/0/threaded

Source: cret@cert.org

http://www.securityfocus.com/bid/46941

Source: cret@cert.org

http://www.toucan-system.com/advisories/tssa-2011-01.txt

Source: cret@cert.org

http://www.ubuntu.com/usn/USN-1316-1

Source: cret@cert.org

http://www.vupen.com/english/advisories/2011/0728

Source: cret@cert.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/66208

Source: cret@cert.org

https://security.gentoo.org/glsa/201701-57

Source: cret@cert.org

http://rhn.redhat.com/errata/RHSA-2012-1201.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43823

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/47347

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/48985

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/8171

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1025266

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.foolabs.com/xpdf/download.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.kb.cert.org/vuls/id/376500

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.kb.cert.org/vuls/id/MAPG-8ECL8X

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2012:002

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2012:144

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/517205/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/46941

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.toucan-system.com/advisories/tssa-2011-01.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1316-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0728

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/66208

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201701-57

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.